Vulnerability CVE-2022-29033

Vulnerability CVE-2022-29033

Published: 2022-05-20

Description:

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Type:

CWE-824

(Access of Uninitialized Pointer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Siemens -> Teamcenter visualization
Siemens -> Jt2go

References:

https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf

Copyright 2024, cxsecurity.com